Image: Gage Skidmore/Flickr
FCC boss Ajit Pai says the agency will finally take steps to shore up the security of the FCCâs public comment system after being widely criticized for turning a blind eye to routine fraud and abuse.
If youâll recall, more than 22 million Americans voiced their thoughts on the Trump FCCâs attack on net neutrality last fall via the agencyâs website. The vast majority of comments opposed the move, closely reflecting surveys that show widespread, bipartisan support for the rules.
The public comment period for the repeal was the only real opportunity most Americans had to share their thoughts on the plan. Unfortunately, the FCC largely ignored public input, barreling forward with what may just be the least popular tech policy decision in the history of the internet.
Not a single one of your comments was cited in the FCCâs 218 page justification for its decision.
Worse, the entire public comment process was found to be rife with fraud and abuse. Anonymous attacks flooded the system with fake comments made by a combination of real, fake, and deceased individuals. My name was among those hijacked, and when I contacted the FCC for guidanceâthe agency informed me there was nothing they could do.
The fraud prompted an ongoing investigation into identity theft by New Yorkâs Attorney General. In a public letter last November, NYâs AG stated the FCC ignored nine attempts over five months to obtain server logs, API key details, or other information that could have aided the investigation into who was behind the attack.
The agency is also facing an ongoing lawsuit for ignoring Freedom of Information Act requests attempting to shine more light on the problem. At the same time, the FCC is also facing an inquiry by the General Accounting Office into its failure to protect FCC systems.
Back in May, Senators Senators Jeff Merkley (D-OR) and Pat Toomey (R-PA) fired off a letter to Pai demanding he actually do something about the abuse of FCC systems.
âLate last year, the identities of as many as two million Americans were stolen and used to file fake comments during the FCCâs comment period for the net neutrality rule,â the Senators wrote. âWe were among those whose identities were misused to express viewpoints we do not hold. We are writing to express our concerns about these fake comments and the need to identify and address fraudulent behavior in the rulemaking process.â
In a response letter this week provided to the Wall Street Journal, Pai says the agency is finally taking steps to address the problem, while acknowledging his own identity was hijacked during the comment process.âIt is troubling that some bad actors submitted comments using false names,â Mr. Pai said. âIndeed, like you, comments were submitted in my name and my wifeâs name that reflect viewpoints we do not hold.â
Consumer advocates have repeatedly claimed that whoever attacked the comment system was hoping to undermine trust in the integrity of the comment process, thereby allowing the industry (and the FCC) to downplay overwhelming opposition to their plan. Itâs a problem that doesnât appear to have been exclusive to the FCC.
Paiâs letter, which wasnât publicly shared, states that the FCC hopes to eventually ârebuild and re-engineerâ the commissionâs electronic comment system âto institute appropriate safeguards against abusive conduct.â It also states that Pai will approach Congress for funding for the overhaul, something Pai likely knows may not actually happen.
A timeline was not given for the purported improvements, and the FCC did not immediately respond to a request for comment as to why such measures hadnât been implemented earlier.
Among the improvements Pai said heâd consider is the implementation of a basic CAPTCHA system. Thatâs not a full solution, but it would have easily thwarted the bot used to file the bogus comments, which posted the fake missives in perfect alphabetical order as it pulled the names from what appears to have been a stolen database of unknown origins.
Of course a promise doesnât mean an actual fix is coming anytime soon, and Paiâs letter also fails to address why the FCC repeatedly refused to aid law enforcement inquiries.
Itâs behavior well in line with an agency that made up a DDOS attack and repeatedly leaned on completely bogus data and false claims to justify the repeal. Itâs likely that these and other strange behaviors will see renewed attention courtesy of the numerous lawsuits currently headed the agencyâs direction.
Advertisement